Comprehensive searchable database of common network ports, protocols, and services. Find port numbers, check if ports are safe to open, and identify protocol details.
A port reference provides a comprehensive lookup of TCP and UDP port numbers, their assigned protocols, and their security implications. Ports are logical endpoints that operating systems use to direct network traffic to the correct application—like apartment numbers in a building. Understanding which services run on which ports is fundamental to network administration, firewall configuration, and security operations.
The Internet Assigned Numbers Authority (IANA) maintains the official port registry, dividing the 65,535 available ports per protocol into three ranges: Well-Known Ports (0-1023), Registered Ports (1024-49151), and Dynamic/Ephemeral Ports (49152-65535). Security professionals need to know these assignments to interpret network scans, write firewall rules, and identify potentially malicious traffic.
When a client connects to a server, it specifies both an IP address and a port number. The server listens on a specific port for incoming connections. The combination of IP address + port number + protocol (TCP or UDP) uniquely identifies a network service.
| Port | Protocol | Service | Security Notes |
|---|---|---|---|
| 22 | TCP | SSH | Secure remote access; target for brute-force attacks |
| 25 | TCP | SMTP | Email relay; often blocked to prevent spam |
| 53 | TCP/UDP | DNS | Name resolution; DNS tunneling risk |
| 80 | TCP | HTTP | Unencrypted web traffic |
| 443 | TCP | HTTPS | Encrypted web traffic (TLS) |
| 445 | TCP | SMB | File sharing; historically vulnerable (WannaCry) |
| 1433 | TCP | MSSQL | Database; should never be internet-exposed |
| 3306 | TCP | MySQL | Database; restrict to localhost or VPN |
| 3389 | TCP | RDP | Remote desktop; major attack target |
| 5432 | TCP | PostgreSQL | Database; restrict access carefully |
| 8080 | TCP | HTTP Alt | Common for proxies and dev servers |
| 8443 | TCP | HTTPS Alt | Common for management interfaces |
Port states in scanning:
netstat or ssNetwork ports are logical endpoints in TCP/IP networking, numbered 0-65535, that enable multiple services to operate on a single IP address. Ports direct traffic to specific applications: web servers use 80/443, email uses 25/587/993, SSH uses 22. Understanding ports is essential for firewall configuration, troubleshooting connectivity, and securing network services properly.
TCP (Transmission Control Protocol) provides reliable, connection-oriented communication with error checking and guaranteed delivery. UDP (User Datagram Protocol) offers connectionless, faster communication without delivery guarantees. TCP suits applications needing reliability (HTTP, SSH, email); UDP suits speed-critical services (DNS, streaming, gaming). Many services support both protocols on the same port.
Well-known ports (0-1023) are reserved for common services by IANA and require administrator privileges. Examples: 22 (SSH), 80 (HTTP), 443 (HTTPS). Registered ports (1024-49151) are assigned to specific applications by IANA but don't require privileges. Dynamic/private ports (49152-65535) are temporary ports for client connections. Always verify port assignments before deployment.
Block inbound connections on all ports except those explicitly required for services. High-risk ports include: 23 (Telnet), 135-139/445 (SMB/NetBIOS), 3389 (RDP), 5900 (VNC). Allow only: 80/443 for web, 22 for SSH (change default), required application ports. Implement egress filtering too, blocking unexpected outbound connections to prevent data exfiltration and command-and-control communication.
Attackers frequently target: 22 (SSH brute force), 23 (Telnet default credentials), 80/443 (web vulnerabilities), 3389 (RDP attacks), 445 (SMB exploits like WannaCry), 21 (FTP), 1433/3306 (databases). They also scan high ports for backdoors and use non-standard ports to evade detection. Monitor all open ports, not just common targets, with intrusion detection systems.
Windows: Run "netstat -ano" or "Get-NetTCPConnection" in PowerShell. Linux/Mac: Run "netstat -tuln", "ss -tuln", or "lsof -i". External scanning: Use nmap ("nmap -sT [IP]") or online port scanners. Always scan from both internal and external perspectives to understand exposure. Document all open ports and their purposes for security baseline and compliance.
Changing default ports provides minimal security through obscurity. It reduces automated scanning but determined attackers will discover services regardless. Better strategies: disable unnecessary services, use strong authentication, keep software updated, implement network segmentation, and monitor traffic. If changing ports, document changes carefully and ensure monitoring tools reflect new configurations to avoid blind spots.
Port forwarding redirects external traffic to internal network devices, enabling services like remote desktop, web servers, or game servers behind NAT. Configure on routers to map external ports to internal IP:port combinations. Use cautiously: each forwarded port increases attack surface. Prefer VPN access over port forwarding. If necessary, use non-standard ports, strong authentication, and monitor logs regularly.
Block unused ports and known-vulnerable services like Telnet (23), NetBIOS (135-139, 445), and RDP (3389) unless needed. Allow only essential services through specific ports. Implement default-deny policies where all traffic is blocked except explicitly allowed connections.
TCP (Transmission Control Protocol) is connection-oriented with guaranteed delivery, ordering, and error checking - ideal for web, email, and file transfers. UDP (User Datagram Protocol) is connectionless with no delivery guarantees but lower latency - used for streaming, gaming, and DNS.